Configuring TCP/IP networking

A local area connection is created automatically if a computer has a network adapter and is connected to a network. If a computer has multiple network adapters and is connected to a network, you'll have one local area connection for each adapter. If no network connection is available, you should connect the computer to the network or create a different type of connection, as explained in "Managing Network Connections" on page 671.

Computers use IP addresses to communicate over TCP/IP. Windows Server 2008 provides the following ways to configure IP addressing:

Manually IP addresses that are assigned manually are called static IP addresses. Static IP addresses are fixed and don't change unless you change them. You'll usually assign static IP addresses to Windows Servers, and when you do this, you'll need to configure additional information to help the server navigate the network.

Dynamically A DHCP server (if one is installed on the network) assigns dynamic IP addresses at startup, and the addresses might change over time. Dynamic IP addressing is the default configuration.

Alternatively (IPv4 only) When a computer is configured to use DHCPv4 and no DHCPv4 server is available, Windows Server 2008 assigns an alternate private IP address automatically. By default, the alternate IPv4 address is in the range from 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0. You can also specify a user-configured alternate IPv4 address, which is particularly useful for laptop users.

Note Unless an IP address is specifically reserved, DHCP servers assign IP addresses for a specific period of time, known as an IP address lease. If this lease expires and cannot be renewed, then the client assigns itself an automatic private IP address.

Note To perform most TCP/IP configuration tasks, you must be a member of the Administrators group.

Configuring static IP addresses

When you assign a static IP address, you need to tell the computer the IP address you want to use, the subnet mask for this IP address, and, if necessary, the default gateway to use for internetwork communications. An IP address is a numeric identifier for a computer. Ip addressing schemes vary according to how your network is configured, but they're normally assigned based on a particular network segment.

IPv6 addresses and IPv4 addresses are very different. With IPv6, the first 64 bits represent the network id and the remaining 64 bits represent the network interface. With IPv4, a variable number of the initial bits represent the network id and the rest of the bits represent the host id. For example, if you're working with IPv4 and a computer on the network segment 192.168.10.0 with a subnet mask of 255.255.255.0, the first 24 bits represent the network id and the address range you have available for computer hosts is from 192.168.10.1 to 192.168.10.254. In this range, the address 192.168.10.255 is reserved for network broadcasts.

If you're on a private network that is indirectly connected to the internet, you should use private IPv6 addresses. Link-local unicast addresses are private IPv6 addresses. All link-local unicast addresses begin with FE80.

If you're on a private network that is indirectly connected to the internet, you should use private IPv4 addresses. Table 21-1 summarizes private network IPv4 addresses.

Table 21-1 Private IPv4 network addressing

All other IPv4 network addresses are public and must be leased or purchased. If the network is connected directly to the internet and you've obtained a range of IPv4 addresses from your internet service provider, you can use the IPv4 addresses you've been assigned.

Using the PING command to check an address

Before you assign a static IP address, you should make sure that the address isn't already in use or reserved for use with DHCP. With the PING command, you can check to see whether an address is in use. Open a command prompt and type ping, followed by the IP address you want to check.

To test the IPv4 address 10.0.10.12, you would use the following command:

If you receive a successful reply from the ping test, the IP address is in use and you should try another one. If no current host on the network uses this IP address, the PING command output should be similar to the following:

Note Pinging an IP address will work as long as all the hosts are active and reachable on the network at the time you ping the address. However, a firewall could be blocking your ping request. More important is to plan the assignment of static addresses to machines on your network carefully.

Configuring a static IPv4 or IPv6 address

One local area network (lan) connection is available for each network adapter installed. These connections are created automatically. To configure static IP addresses for a particular connection, follow these steps:

Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.

In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the connection you want to work with and then select Properties.

Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate for the type of IP address you are configuring.

For an IPv6 address, do the following:

Select Use The Following IPv6 Address and then type the IPv6 address in the IPv6 Address text box. The IPv6 address you assign to the computer must not be used anywhere else on the network.

Press the Tab key. The Subnet Prefix Length field ensures that the computer communicates over the network properly. Windows Server 2008 should insert a default value for the subnet prefix into the Subnet Prefix Length text box. If the network doesn't use variable-length subnetting, the default value should suffice. If your network does use variable-length subnets, you'll need to change this value as appropriate for your network.

For an IPv4 address, do the following:

Select Use The Following IP Address and then type the IPv4 address in the IP Address text box. The IPv4 address you assign to the computer must not be used anywhere else on the network.

Press the Tab key. The Subnet Mask field ensures that the computer communicates over the network properly. Windows Server 2008 should insert a default value for the subnet prefix into the Subnet Mask text box. If the network doesn't use variable-length subnetting, the default value should suffice. If your network does use variable-length subnets, you'll need to change this value as appropriate for your network.

If the computer needs to access other TCP/IP networks, the internet, or other subnets, you must specify a default gateway. Type the IP address of the network's default router in the Default Gateway text box.

DNS is needed for domain name resolution. Select Use The Following DNS Server Addresses and then type a preferred address and an alternate DNS server address in the text boxes provided.

When you're finished, click OK three times to save your changes. Repeat this process for other network adapters and IP protocols you want to configure.

With IPv4 addressing, configure WINS as necessary, following the technique outlined in "configuring WINS resolution" on page 669.

Configuring dynamic IP addresses and alternate IP addressing

Many organizations use DHCP servers to dynamically assign IPv4 and IPv6 addresses. To receive an IPv4 or IPv6 address, client computers use a limited broadcast to advertise that they need to obtain an IP address. Dhcp servers on the network acknowledge the request by offering the client an IP address. The client acknowledges the first offer it receives, and the DHCP server in turn tells the client that it has succeeded in leasing the IP address for a specified amount of time.

The message from the DHCP server can, and typically does, include the IP addresses of the default gateway, the preferred and alternate DNS servers, and the preferred and alternate WINS servers. This means these settings wouldn't need to be manually configured on the client computer.

DHCP is primarily for clients

Dynamic IP addresses aren't for all hosts on the network, however. Typically, you'll want to assign dynamic IP addresses to workstations and, in some instances, member servers that perform noncritical roles on the network. But if you use dynamic IP addressing for member servers, these servers should have reservations for their IP addresses. For any server that has a critical network role or provides a key service, you'll definitely want to use static IP addresses. Finally, with domain controllers and DHCP servers, you must use static IP addresses, so don't try to assign dynamic IP addresses to these servers.

Although you can use static IP addresses with workstations, most workstations use dynamic addressing, alternative IP addressing, or both. You configure dynamic and alternative addressing by following these steps:

Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.

In Network and Sharing Center, click Manage Network Connections. In Network Connections, one lan connection is shown for each network adapter installed. These connections are created automatically. If you don't see a lan connection for an installed adapter, check the driver for the adapter. It might be installed incorrectly. Right-click the connection you want to work with and then select Properties.

Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate for the type of IP address you are configuring.

Select Obtain An IPv6 Address Automatically or Obtain An IP Address Automatically as appropriate for the type of IP address you are configuring. If desired, select Obtain DNS Server Address Automatically. Or select Use The Following DNS Server Addresses and then type a preferred and alternate DNS server address in the text boxes provided.

When you use dynamic IPv4 addressing with desktop computers, you should configure an automatic alternative address. To use this configuration, on the Alternate Configuration tab, select Automatic Private IP address. Click OK, click Close, and then skip the remaining steps.

When you use dynamic IPv4 addressing with mobile computers, you'll usually want to configure the alternative address manually. To use this configuration, on the Alternate Configuration tab, select User Configured and then type the IP address you want to use in the IP Address text box. The IP address that you assign to the computer should be a private IP address, as shown in table 20-1 on page 631, and it must not be in use anywhere else when the settings are applied.

Disabling APIPA

Whenever DHCP is used, APIPA is enabled by default. If you don't want a computer to use APIPA, you can either assign a static TCP/IP address or disable APIPA. For example, if your network uses routers or your network is connected to the internet without a nat or proxy server, you might not want to use APIPA. You can disable APIPA in the registry.

On windows 2000 or later, you can disable APIPA by creating the IPAutoConfigurationEnabled as a DWORD value-entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\AdapterGUID, where AdapterGUID is the globally unique identifier (GUID) for the computer's network adapter. Set the value to 0×0.

If you create the IPAutoConfigurationEnabled as a DWORD value-entry, you can enable APIPA at any time by changing the value to 0×1.

For more information about disabling APIPA, see microsoft knowledge base article 220874.

Configuring multiple IP addresses and gateways

Using advanced TCP/IP settings, you can configure a single network interface on a computer to use multiple IP addresses and multiple gateways. This allows a computer to appear to be several computers and to access multiple logical subnets to route information or to provide internetworking services.

To provide fault tolerance in case of a router outage, you can choose to configure Windows Server 2008 computers so that they use multiple default gateways. When you assign multiple gateways, Windows Server 2008 uses the gateway metric to determine which gateway is used and at what time. The gateway metric indicates the routing cost of using a gateway. The gateway with the lowest routing cost, or metric, is used first. If the computer can't communicate with this gateway, Windows Server 2008 tries to use the gateway with the next lowest metric.

The best way to configure multiple gateways depends on the configuration of your network. If your organization's computers use DHCP, you'll probably want to configure the additional gateways through settings on the DHCP server. If computers use static IP addresses or you want to set gateways specifically, assign them by following these steps:

Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.

In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the connection you want to work with and then select Properties.

Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate for the type of IP address you are configuring.

To add an IP address, click Add below IP Addresses to display the TCP/IP Address dialog box. After you type the IP address in the IP Address field, enter the subnet mask in the Subnet Mask field for IPv4 addresses or the subnet prefix length in the Subnet Prefix Length field for IPv6 addresses. Click Add to return to the Advanced TCP/IP Settings dialog box. Repeat this step for each IP address you want to add.

The Default Gateways panel shows the current gateways that have been manually configured (if any). To add a default gateway, click add below Default Gateways to display the TCP/IP Gateway Address dialog box. Type the gateway address in the Gateway field. By default, Windows Server 2008 automatically assigns a metric to the gateway, which determines in which order the gateway is used. To assign the metric manually, clear the automatic metric check box, and then enter a metric in the field provided. Click Add, and then repeat this step for each gateway you want to add.

Click OK three times to close the open dialog boxes.

Configuring DNS resolution

DNS is a host name resolution service that you can use to determine the IP address of a computer from its host name. This lets users work with host names, such as http://www.msn.com or http://www.microsoft.com, rather than an IP address, such as 192.168.5.102 or 192.168.12.68. Dns is the primary name service for Windows Server 2008 and the internet.

As with gateways, the best way to configure DNS depends on the configuration of your network. If computers use DHCP, you'll probably want to configure DNS through settings on the DHCP server. If computers use static IP addresses or you want to configure DNS specifically for an individual user or system, you'll want to configure DNS manually.

Basic DNS settings

You can configure basic DNS settings by following these steps:

Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.

In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the connection you want to work with and then select Properties.

Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate for the type of IP address you are configuring.

If the computer is using DHCP and you want DHCP to specify the DNS server address, select Obtain DNS Server Address Automatically. Otherwise, select Use The Following DNS Server Addresses and then type primary and alternate DNS server addresses in the text boxes provided.

Click OK three times to save your changes.

Advanced DNS settings

You configure advanced DNS settings on the DNS tab of the Advanced TCP/IP Settings dialog box, shown in Figure 21-3. You use the fields of the DNS tab as follows:

DNS server addresses, in order of use Use this area to specify the IP address of each DNS server that is used for domain name resolution. Click Add if you want to add a server IP address to the list. Click Remove to remove a selected server address from the list. Click Edit to edit the selected entry. You can specify multiple servers for DNS resolution. Their priority is determined by the order. If the first server isn't available to respond to a host name resolution request, the next DNS server in the list is accessed, and so on. To change the position of a server in the list box, select it and then click the up or down arrow button.

Append primary and connection specific DNS suffixes Normally, this option is selected by default. Select this option to resolve unqualified computer names in the primary domain. For example, if the computer name gandolf is used and the parent domain is microsoft.com, the computer name would resolve to gandolf.microsoft.com. If the fully qualified computer name doesn't exist in the parent domain, the query fails. The parent domain used is the one set in the System Properties dialog box, on the Computer Name tab. (Click System And Maintenance\System in Control Panel, then click Change Settings and view the Computer Name tab to check the settings.)

Append parent suffixes of the primary DNS suffix This option is selected by default. Select this check box to resolve unqualified computer names using the parent/child domain hierarchy. If a query fails in the immediate parent domain, the suffix for the parent of the parent domain is used to try to resolve the query. This process continues until the top of the DNS domain hierarchy is reached. For example, if the computer name gandolf is used in the dev.microsoft.com domain, DNS would attempt to resolve the computer name to gandolf.dev.microsoft.com. If this didn't work, DNS would attempt to resolve the computer name to gandolf.microsoft.com.

Append these DNS suffixes (in order) Select this option to set specific DNS suffixes to use rather than resolving through the parent domain. Click Add if you want to add a domain suffix to the list. Click Remove to remove a selected domain suffix from the list. Click Edit to edit the selected entry. You can specify multiple domain suffixes, which are used in order. If the first suffix doesn't resolve properly, DNS attempts to use the next suffix in the list. If this fails, the next suffix is used, and so on. To change the order of the domain suffixes, select the suffix and then click the up or down arrow button to change its position.

DNS suffix for this connection This option sets a specific DNS suffix for the connection that overrides DNS names already configured for use on this connection. You'll usually set the DNS domain name through the System Properties dialog box, on the Computer Name tab.

Register this connection's addresses in DNS Select this check box if you want all IP addresses for this connection to be registered in DNS under the computer's fully qualified domain name. This option is selected by default.

Note Dynamic DNS updates are used in conjunction with DHCP to enable a client to update its a (host address) record if its IP address changes, and to enable the DHCP server to update the ptr (pointer) record for the client on the DNS server. You can also configure DHCP servers to update both the a and ptr records on the client's behalf. Dynamic DNS updates are supported only by bind 5.1 or higher DNS servers as well as server editions of microsoft windows.

Use this connection's DNS suffix in DNS registration select this check box if you want all IP addresses for this connection to be registered in DNS under the parent domain.

Configuring WINS resolution

You use WINS to resolve network basic input/output system (NetBIOS) computer names to IPv4 addresses. You can use WINS to help computers on a network determine the address of other computers on the network. If a WINS server is installed on the network, you can use the server to resolve computer names. Although WINS is supported on all versions of windows, Windows Server 2008 primarily uses WINS for backward compatibility.

You can also configure Windows Server 2008 computers to use the local file LMHOSTS to resolve NetBIOS computer names. However, LMHOSTS is consulted only if normal name resolution methods fail. In a properly configured network, these files are rarely used. Thus, the preferred method of NetBIOS computer name resolution is WINS in conjunction with a WINS server.

As with gateways and DNS, the best way to configure WINS depends on the configuration of your network. If computers use DHCP, you'll probably want to configure WINS through settings on the DHCP server. If computers use static IPv4 addresses or you want to configure WINS specifically for an individual user or system, you'll want to configure WINS manually.

You can manually configure WINS by following these steps:

Access the Advanced TCP/IP Settings dialog box for IPv4 and click the WINS tab as shown in Figure 21-4. In the WINS addresses, In Order Of Use panel, you can specify the IPv4 addresses of each WINS server that is used for NetBIOS name resolution. Click Add if you want to add a server IPv4 address to the list. Click Remove to remove a selected server from the list. Click Edit to edit the selected entry.

You can specify multiple servers, which are used in order, for WINS resolution. If the first server isn't available to respond to a NetBIOS name resolution request, the next WINS server on the list is accessed, and so on. To change the position of a server in the list box, select it and then click the up or down arrow button.

To enable LMHOSTS lookups, select the Enable LMHOSTS Lookup check box. If you want the computer to use an existing LMHOSTS file defined somewhere on the network, retrieve this file by clicking import LMHOSTS. You generally will use LMHOSTS only when other name resolution methods fail.

WINS name resolution requires NetBIOS over TCP/IP services. Select one of the following options to configure WINS name resolution using NetBIOS:

If you use DHCP and dynamic addressing, you can get the NetBIOS setting from the DHCP server. Select Default: use NetBIOS setting from the DHCP server.

If you use a static IP address or the DHCP server does not provide NetBIOS settings, select Enable NetBIOS Over TCP/IP.

If WINS and NetBIOS are not used on the network, select Disable NetBIOS Over TCP/IP. This eliminates the NetBIOS broadcasts that would otherwise be sent by the computer.

Click OK three times. As necessary, repeat this process for other network adapters.

Note LMHOSTS files are maintained locally on a computer-by-computer basis, which can eventually make them unreliable. Rather than relying on LMHOSTS, ensure that your DNS and WINS servers are configured properly and are accessible to the network for centralized administration of name resolution services.